895759b0a8812455f22522634af043983ea042e3378bc30ea6e9cce60e56552d | Triage

Sharing

General

Target

895759b0a8812455f22522634af043983ea042e3378bc30ea6e9cce60e56552d
Size

1.5MB
Sample

220516-gffskshggn
MD5

0b446f9a2ea798a073d76183e974ebb0
SHA1

e5aa26a777e92b013d0749e501895586ff70f7b1
SHA256

895759b0a8812455f22522634af043983ea042e3378bc30ea6e9cce60e56552d
SHA512

eeb42c7a06deaf6d465a0c90698d389d9304e02f9de4f02adaa159cdc658d3dba266634e9150a5efc4bafc38601574b56a6d2a7201b13b3135f22416eac6272d

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  895759b0a8812455f22522634af043983ea042e3378bc30ea6e9cce60e56552d
- Size
  
  1.5MB
- MD5
  
  0b446f9a2ea798a073d76183e974ebb0
- SHA1
  
  e5aa26a777e92b013d0749e501895586ff70f7b1
- SHA256
  
  895759b0a8812455f22522634af043983ea042e3378bc30ea6e9cce60e56552d
- SHA512
  
  eeb42c7a06deaf6d465a0c90698d389d9304e02f9de4f02adaa159cdc658d3dba266634e9150a5efc4bafc38601574b56a6d2a7201b13b3135f22416eac6272d
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence